Anti-DDoS Basic is a service that protects Elastic Compute Service (ECS) instances from distributed denial-of-service (DDoS) attacks to ensure system stability. If inbound traffic to an instance exceeds the maximum traffic rate allowed by the instance type, Alibaba Cloud Security throttles the traffic.
Anti-DDoS Basic is a free service included in Alibaba Cloud Security. It offers up to 5 Git/s of mitigation capacity against common DDoS attacks for free. The instance type of an ECS instance determines the mitigation capacity that is provided in the free tier. You can log on to the Traffic Security (Anti-DDoS Basic) console to check the actual mitigation capacity threshold. For more information, see View black hole triggering thresholds in Anit-DDoS Origin Basic.
How Anti-DDoS Basic works
After Anti-DDoS Basic is enabled, Alibaba Cloud Security monitors inbound traffic to ECS instances in real time. When large amounts of traffic or suspicious traffic such as DDoS attack traffic is detected, Alibaba Cloud Security redirects the traffic from the destination network to a scrubbing device. The scrubbing device identifies and removes malicious traffic and then returns legitimate traffic to the destination network to be forwarded to the ECS instances. This process is called traffic scrubbing. For more information, see What is Anti-DDoS Origin?.
Trigger conditions:
- Traffic pattern. When inbound traffic matches an attack traffic pattern, traffic scrubbing is triggered.
- Traffic amounts. Typically, DDoS attacks generate flood traffic on a magnitude of Gbit/s. When inbound traffic to an ECS instance reaches a specific threshold, traffic scrubbing is triggered regardless of whether the traffic is normal.
The methods of traffic scrubbing include filtering attack packets, throttling bandwidth, and throttling the packet forwarding rate.
- BPS threshold: When inbound traffic exceeds this threshold, traffic scrubbing is triggered.
- PPS threshold: When the inbound packet forwarding rate exceeds this value, traffic scrubbing is triggered.

Operations
By default, Anti-DDoS Basic is enabled for ECS. You can perform the following operations after you create an ECS instance:
- Configure scrubbing thresholds. After an ECS instance is created, the maximum thresholds of Anti-DDoS Basic for the instance type are used. However, the maximum BPS threshold for some instance types may be high and not safe. You must set the threshold based on your business needs. For more information, see Configure a traffic scrubbing threshold in Anti-DDoS Basic User Guide.
- (Not recommended) Disable traffic scrubbing. When traffic scrubbing is enabled and
inbound traffic to an ECS instance reaches a specific threshold, traffic scrubbing
is triggered regardless of whether the traffic is normal. This may affect or interrupt
normal business. You can manually disable traffic scrubbing for ECS instances. For
more information, see Cancel traffic cleaning in Anti-DDoS Basic User Guide.
Warning After traffic scrubbing is disabled for an ECS instance, when inbound traffic to the instance exceeds 5 Gbit/s, all traffic to the instance is routed to a blackhole. Proceed with caution.